Documentation
Index
- Variables
- func GenerateSpec(ctx context.Context, client Client, c *containers.Container, opts ...SpecOpts) (*specs.Spec, error)
- func WithHostHostsFile(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithHostResolvconf(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithNoNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithSeccompUnconfined(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithTTY(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithWriteableCgroupfs(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- func WithWriteableSysfs(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
- type Client
- type Image
- type SpecOpts
- func Compose(opts ...SpecOpts) SpecOpts
- func WithApparmorProfile(profile string) SpecOpts
- func WithCapabilities(caps []string) SpecOpts
- func WithCgroup(path string) SpecOpts
- func WithEnv(environmentVariables []string) SpecOpts
- func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts
- func WithHostname(name string) SpecOpts
- func WithImageConfig(image Image) SpecOpts
- func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts
- func WithMaskedPaths(paths []string) SpecOpts
- func WithMounts(mounts []specs.Mount) SpecOpts
- func WithNamespacedCgroup() SpecOpts
- func WithProcessArgs(args ...string) SpecOpts
- func WithProcessCwd(cwd string) SpecOpts
- func WithReadonlyPaths(paths []string) SpecOpts
- func WithRootFSPath(path string) SpecOpts
- func WithRootFSReadonly() SpecOpts
- func WithSelinuxLabel(label string) SpecOpts
- func WithUIDGID(uid, gid uint32) SpecOpts
- func WithUser(userstr string) SpecOpts
- func WithUserID(uid uint32) SpecOpts
- func WithUserNamespace(container, host, size uint32) SpecOpts
- func WithUsername(username string) SpecOpts
Constants
This section is empty.
Variables
var WithAllCapabilities = WithCapabilities(getAllCapabilities())
WithAllCapabilities sets all Linux capabilities for the process
var WithPrivileged = Compose(
WithAllCapabilities,
WithMaskedPaths(nil),
WithReadonlyPaths(nil),
WithWriteableSysfs,
WithWriteableCgroupfs,
WithSelinuxLabel(""),
WithApparmorProfile(""),
WithSeccompUnconfined,
)
WithPrivileged sets up options for a privileged container. TODO(justincormack): device handling.
Functions
func GenerateSpec
func GenerateSpec(ctx context.Context, client Client, c *containers.Container, opts ...SpecOpts) (*specs.Spec, error)
GenerateSpec will generate a default spec from the provided image for use as a containerd container
func WithHostHostsFile
func WithHostHostsFile(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly
func WithHostLocaltime
func WithHostLocaltime(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithHostLocaltime bind-mounts the host's /etc/localtime into the container as readonly
func WithHostResolvconf
func WithHostResolvconf(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly
func WithNoNewPrivileges
func WithNoNewPrivileges(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithNoNewPrivileges sets no_new_privileges on the process for the container
func WithSeccompUnconfined (added in v1.1.0)
func WithSeccompUnconfined(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithSeccompUnconfined clears the seccomp profile
func WithTTY
func WithTTY(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithTTY sets the information on the spec as well as the environment variables for using a TTY
func WithWriteableCgroupfs (added in v1.1.0)
func WithWriteableCgroupfs(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithWriteableCgroupfs makes any cgroup mounts writeable
func WithWriteableSysfs (added in v1.1.0)
func WithWriteableSysfs(_ context.Context, _ Client, _ *containers.Container, s *specs.Spec) error
WithWriteableSysfs makes any sysfs mounts writeable
Types
type Client
type Client interface {
SnapshotService(snapshotterName string) snapshots.Snapshotter
}
Client interface used by SpecOpt
type Image
type Image interface {
// Config descriptor for the image.
Config(ctx context.Context) (ocispec.Descriptor, error)
// ContentStore provides a content store which contains image blob data
ContentStore() content.Store
}
Image interface used by some SpecOpt to query image configuration
type SpecOpts
type SpecOpts func(context.Context, Client, *containers.Container, *specs.Spec) error
SpecOpts sets spec specific information to a newly generated OCI spec
func Compose (added in v1.1.0)
func Compose(opts ...SpecOpts) SpecOpts
Compose converts a sequence of spec operations into a single operation
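Compose's in-order application and the WithPrivileged composition listed under Variables are easiest to see in runnable form. The following is an added example, not containerd's code: it uses a hypothetical, minimal Spec struct in place of specs.Spec, drops the context, Client and Container parameters from the option signature, and substitutes a constructed capability list for getAllCapabilities(); GenerateSpec's baseline values and the Audit function are likewise constructed for illustration. Audit reports which baseline protections a generated spec has lost, which is the check an admission hook or policy test would run before such a spec is admitted.

```go
package main

import "fmt"

// Spec is a hypothetical, minimal stand-in for specs.Spec: only the fields the privileged composition touches.
type Spec struct {
	Capabilities    []string
	MaskedPaths     []string
	ReadonlyPaths   []string
	Seccomp         *string // nil means no seccomp profile (unconfined)
	SysfsReadonly   bool
	SelinuxLabel    string
	ApparmorProfile string
}
// SpecOpts keeps the functional-option shape of oci.SpecOpts, minus the context, Client and Container parameters.
type SpecOpts func(s *Spec) error

// Compose applies opts in order, so a later option overrides an earlier one.
func Compose(opts ...SpecOpts) SpecOpts {
	return func(s *Spec) error {
		for _, o := range opts {
			if err := o(s); err != nil {
				return err
			}
		}
		return nil
	}
}

func WithCapabilities(caps []string) SpecOpts     { return func(s *Spec) error { s.Capabilities = caps; return nil } }
func WithMaskedPaths(paths []string) SpecOpts     { return func(s *Spec) error { s.MaskedPaths = paths; return nil } }
func WithReadonlyPaths(paths []string) SpecOpts   { return func(s *Spec) error { s.ReadonlyPaths = paths; return nil } }
func WithSelinuxLabel(label string) SpecOpts      { return func(s *Spec) error { s.SelinuxLabel = label; return nil } }
func WithApparmorProfile(profile string) SpecOpts { return func(s *Spec) error { s.ApparmorProfile = profile; return nil } }

// These two already have the SpecOpts shape, so they are composed as plain functions.
func WithSeccompUnconfined(s *Spec) error { s.Seccomp = nil; return nil }
func WithWriteableSysfs(s *Spec) error   { s.SysfsReadonly = false; return nil }

// WithPrivileged mirrors the documented composition, with a constructed capability list
// standing in for getAllCapabilities(); devices are not handled, as its TODO notes.
var WithPrivileged = Compose(
	WithCapabilities([]string{"CAP_CHOWN", "CAP_NET_BIND_SERVICE", "CAP_SYS_ADMIN", "CAP_SYS_PTRACE"}),
	WithMaskedPaths(nil),
	WithReadonlyPaths(nil),
	WithWriteableSysfs,
	WithSelinuxLabel(""),
	WithApparmorProfile(""),
	WithSeccompUnconfined,
)

// GenerateSpec applies the caller's options to a constructed baseline that
// carries the protections an unprivileged container keeps.
func GenerateSpec(opts ...SpecOpts) (*Spec, error) {
	profile := "default"
	s := &Spec{
		Capabilities:    []string{"CAP_CHOWN", "CAP_NET_BIND_SERVICE"},
		MaskedPaths:     []string{"/proc/kcore", "/sys/firmware"},
		ReadonlyPaths:   []string{"/proc/sys", "/proc/sysrq-trigger"},
		Seccomp:         &profile,
		SysfsReadonly:   true,
		ApparmorProfile: "default",
	}
	if err := Compose(opts...)(s); err != nil {
		return nil, err
	}
	return s, nil
}

// Audit lists which baseline protections a spec has dropped, in a fixed order;
// a non-empty result is what an admission or policy check would flag.
func Audit(s *Spec) []string {
	sysAdmin := false
	for _, c := range s.Capabilities {
		if c == "CAP_SYS_ADMIN" {
			sysAdmin = true
		}
	}
	checks := []struct{ bad bool; msg string }{
		{s.Seccomp == nil, "seccomp: unconfined"},
		{len(s.MaskedPaths) == 0, "masked paths: none"},
		{len(s.ReadonlyPaths) == 0, "readonly paths: none"},
		{!s.SysfsReadonly, "sysfs: writeable"},
		{s.ApparmorProfile == "", "apparmor: no profile"},
		{sysAdmin, "capabilities: CAP_SYS_ADMIN"},
	}
	var findings []string
	for _, c := range checks {
		if c.bad {
			findings = append(findings, c.msg)
		}
	}
	return findings
}

func main() {
	s, _ := GenerateSpec(WithPrivileged, WithApparmorProfile("restricted"))
	fmt.Println("privileged, then AppArmor re-applied:", Audit(s))
}
```

Because Compose applies options in order, an option placed after WithPrivileged wins: main re-applies an AppArmor profile after the privileged composition, and Audit reports one finding fewer than it does for WithPrivileged alone. The real WithPrivileged, as its TODO says, does not handle devices, and neither does this stand-in.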
func WithApparmorProfile (added in v1.1.0)
func WithApparmorProfile(profile string) SpecOpts
WithApparmorProfile sets the Apparmor profile for the process
func WithCapabilities (added in v1.1.0)
func WithCapabilities(caps []string) SpecOpts
WithCapabilities sets Linux capabilities on the process
func WithEnv (added in v1.1.0)
func WithEnv(environmentVariables []string) SpecOpts
WithEnv appends environment variables
func WithHostNamespace
func WithHostNamespace(ns specs.LinuxNamespaceType) SpecOpts
WithHostNamespace allows a task to run inside the host's Linux namespace
func WithHostname
func WithHostname(name string) SpecOpts
WithHostname sets the container's hostname
func WithImageConfig
func WithImageConfig(image Image) SpecOpts
WithImageConfig configures the spec from the configuration of an Image
func WithLinuxNamespace
func WithLinuxNamespace(ns specs.LinuxNamespace) SpecOpts
WithLinuxNamespace uses the passed in namespace for the spec. If a namespace of the same type already exists in the spec, the existing namespace is replaced by the one provided.
func WithMaskedPaths (added in v1.1.0)
func WithMaskedPaths(paths []string) SpecOpts
WithMaskedPaths sets the masked paths option
func WithMounts (added in v1.1.0)
func WithMounts(mounts []specs.Mount) SpecOpts
WithMounts appends mounts
func WithNamespacedCgroup
func WithNamespacedCgroup() SpecOpts
WithNamespacedCgroup uses the namespace set on the context to create a root directory for containers in the cgroup, with the container id as the subcgroup
func WithProcessArgs
func WithProcessArgs(args ...string) SpecOpts
WithProcessArgs replaces the args on the generated spec
func WithProcessCwd
func WithProcessCwd(cwd string) SpecOpts
WithProcessCwd replaces the current working directory on the generated spec
func WithReadonlyPaths (added in v1.1.0)
func WithReadonlyPaths(paths []string) SpecOpts
WithReadonlyPaths sets the read only paths option
func WithRootFSPath
func WithRootFSPath(path string) SpecOpts
WithRootFSPath specifies an unmanaged rootfs path.
func WithRootFSReadonly
func WithRootFSReadonly() SpecOpts
WithRootFSReadonly sets specs.Root.Readonly to true
func WithSelinuxLabel (added in v1.1.0)
func WithSelinuxLabel(label string) SpecOpts
WithSelinuxLabel sets the process SELinux label
func WithUIDGID
func WithUIDGID(uid, gid uint32) SpecOpts
WithUIDGID allows the UID and GID for the Process to be set
func WithUser (added in v1.1.0)
func WithUser(userstr string) SpecOpts
WithUser sets the user to be used within the container. It accepts a valid user string in OCI Image Spec v1.0.0:
user, uid, user:group, uid:gid, uid:group, user:gid
func WithUserID
func WithUserID(uid uint32) SpecOpts
WithUserID sets the correct UID and GID for the container based on the image's /etc/passwd contents. If /etc/passwd does not exist, or the uid is not found in /etc/passwd, it sets the gid to the same value as the uid and does not return an error.
func WithUserNamespace
func WithUserNamespace(container, host, size uint32) SpecOpts
WithUserNamespace sets the uid and gid mappings for the task. It can be called multiple times to add more mappings to the generated spec.
func WithUsername
func WithUsername(username string) SpecOpts
WithUsername sets the correct UID and GID for the container based on the image's /etc/passwd contents. If /etc/passwd does not exist, or the username is not found in /etc/passwd, it returns an error.
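The user-string forms accepted by WithUser, and the different handling of an unknown uid (WithUserID: the gid falls back to the uid, no error) versus an unknown username (WithUsername: an error), can be exercised without a rootfs. The following is an added example, not containerd's code: where containerd reads /etc/passwd from the container's snapshot, this example takes constructed passwd and group file contents as strings, and ParsePasswd, ParseGroup, ResolveUserID, ResolveUsername and ResolveUserString are illustrative names chosen here, not the package's API.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed stand-ins for the image's /etc/passwd and /etc/group.
const SamplePasswd = `root:x:0:0:root:/root:/bin/sh
app:x:1000:1000:app:/home/app:/bin/sh
svc:x:1001:2000::/nonexistent:/usr/sbin/nologin
malformed line without fields`
const SampleGroup = `root:x:0:
app:x:1000:
svc:x:2000:
data:x:3000:app`
type PasswdEntry struct {
	Name     string
	UID, GID uint32
}
// parseID parses a decimal uid or gid field.
func parseID(s string) (uint32, bool) {
	n, err := strconv.ParseUint(s, 10, 32)
	return uint32(n), err == nil
}

// ParsePasswd reads name:x:uid:gid:... records, skipping malformed lines.
func ParsePasswd(content string) []PasswdEntry {
	var out []PasswdEntry
	for _, line := range strings.Split(content, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 4 {
			uid, ok1 := parseID(f[2])
			gid, ok2 := parseID(f[3])
			if ok1 && ok2 {
				out = append(out, PasswdEntry{Name: f[0], UID: uid, GID: gid})
			}
		}
	}
	return out
}

// ParseGroup reads name:x:gid:members records into a name -> gid map.
func ParseGroup(content string) map[string]uint32 {
	out := map[string]uint32{}
	for _, line := range strings.Split(content, "\n") {
		if f := strings.Split(line, ":"); len(f) >= 3 {
			if gid, ok := parseID(f[2]); ok {
				out[f[0]] = gid
			}
		}
	}
	return out
}
// ResolveUserID follows the WithUserID rule: an unknown uid (or empty passwd) gives gid == uid, no error.
func ResolveUserID(passwd []PasswdEntry, uid uint32) (uint32, uint32) {
	for _, e := range passwd {
		if e.UID == uid {
			return e.UID, e.GID
		}
	}
	return uid, uid
}

// ResolveUsername follows the WithUsername rule: an unknown name is an error.
func ResolveUsername(passwd []PasswdEntry, name string) (uint32, uint32, error) {
	for _, e := range passwd {
		if e.Name == name {
			return e.UID, e.GID, nil
		}
	}
	return 0, 0, fmt.Errorf("user %q not found in /etc/passwd", name)
}

// ResolveUserString accepts the six forms WithUser lists: user, uid, user:group, uid:gid, uid:group, user:gid.
func ResolveUserString(passwd []PasswdEntry, groups map[string]uint32, userstr string) (uint32, uint32, error) {
	parts := strings.SplitN(userstr, ":", 2)
	uid, gid, err := ResolveUsername(passwd, parts[0]) // name form; also rejects ""
	if n, ok := parseID(parts[0]); ok {
		uid, gid = ResolveUserID(passwd, n) // numeric uid form: never an error
	} else if err != nil {
		return 0, 0, err
	}
	if len(parts) == 2 {
		g, ok := parseID(parts[1]) // a numeric gid is taken as-is
		if !ok {
			if g, ok = groups[parts[1]]; !ok {
				return 0, 0, fmt.Errorf("group %q not found in /etc/group", parts[1])
			}
		}
		gid = g
	}
	return uid, gid, nil
}

func main() {
	pw, gr := ParsePasswd(SamplePasswd), ParseGroup(SampleGroup)
	uid, gid, err := ResolveUserString(pw, gr, "svc:data")
	fmt.Printf("svc:data -> uid=%d gid=%d err=%v\n", uid, gid, err)
}
```

ResolveUserID's silent fallback is worth keeping in mind when reviewing specs: a numeric uid that is absent from the image's /etc/passwd still yields a valid uid/gid pair, so a mistyped numeric user does not fail spec generation the way an unknown username does.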